In some current computing environments, some users require computations to be performed that are very computationally expensive in that they require a great deal of time or computational resources, or both. However, it is often the case that such users do not have, at their disposal, sufficient computational resources to perform the expensive computations in any sort of efficient manner. Therefore, such computations are sometimes outsourced, or delegated, to a more powerful resource, such as a server. Thus, for instance, when the user receives an input that requires the expensive computation, the user sends the input off (or delegates it) to the server for performance of the expensive computation on the input. The server then returns the result to the user (or delegator).
However, there can be incentives for the server to perform a calculation in a way that is less costly, but often less accurate, than otherwise. Therefore, it can be beneficial for the delegator to be able to verify the answer returned by the server.
One way to address this problem is to simply have the delegator repeat the expensive calculation to verify the answer returned by the server. This, however, is highly inefficient in that the delegator must perform the expensive computation which has been outsourced. Alternatively, the delegator can verify only some of the results returned by the server. This also has drawbacks because the more results that are verified, the lower the efficiency of the overall computation.
Other ways of verifying an outsourced computation often involve a highly interactive verification process. That is, there are a relatively large number of interactions between the delegator and the server, in order to verify that the computation is indeed correct.
Other problems exist with outsourcing computations as well. Some systems allow the server to observe whether the delegator accepts or rejects the result returned by the server. With many iterations, the server can slowly learn the techniques used for verification by the delegator, and can then, eventually, mislead the user into accepting an incorrect answer.
Also, in many current systems, the server returns the result of the expensive computation, and the delegator must then perform a separate operation to verify the accuracy of the result. That is, the performance of the expensive computation, and the verification of the result of that computation, are two separate processes, often requiring two separate components.
Data encryption has been employed using a public and private key architecture. In such an architecture, a public key is generated and published, and a private or secret key is also generated and secretly shared with those entities that are allowed to decrypt data. When data is encrypted, it is encrypted using the public key and the only entity that can decrypt the data is one who has the private key.
Attribute based encryption is a type of encryption that is commonly employed in an environment where a message is encrypted, but the entity that encrypts the message does not necessarily know who will be accessing the data. In general, the data can be encrypted to any predefined set of attributes. The data is encrypted to a set of attributes, and the entity that is decrypting the data has a secret key that is associated with a predefined access policy. If the decryption entity has a secret key associated with an access policy, and the set of attributes that the data is encrypted under satisfies the access policy, then and only then can the decrypting entity successfully decrypt the data.
A type of attribute-based encryption, referred to as “key policy attribute-based encryption” (KP-ABE), is a type of attribute-based encryption wherein each user's private key has an associated access structure which specifies the type of ciphertext the private key can successfully decrypt. If the user's access structure is satisfied by the set of attributes that the ciphertext is encrypted under, then the user can decrypt the ciphertext. Otherwise, the secret key corresponding to the access structure is useless to the decryption entity.
The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.